CVE-2016-9132
EUVD-2016-994930.01.2017, 22:59
In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later causes memory corruption or other failure.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| botan_project | botan | 1.8.0 |
| botan_project | botan | 1.8.1 |
| botan_project | botan | 1.8.2 |
| botan_project | botan | 1.8.3 |
| botan_project | botan | 1.8.4 |
| botan_project | botan | 1.8.5 |
| botan_project | botan | 1.8.6 |
| botan_project | botan | 1.8.7 |
| botan_project | botan | 1.8.8 |
| botan_project | botan | 1.8.9 |
| botan_project | botan | 1.8.10 |
| botan_project | botan | 1.8.11 |
| botan_project | botan | 1.8.12 |
| botan_project | botan | 1.8.13 |
| botan_project | botan | 1.8.14 |
| botan_project | botan | 1.8.15 |
| botan_project | botan | 1.9.0 |
| botan_project | botan | 1.9.1 |
| botan_project | botan | 1.9.2 |
| botan_project | botan | 1.9.3 |
| botan_project | botan | 1.9.4 |
| botan_project | botan | 1.9.5 |
| botan_project | botan | 1.9.6 |
| botan_project | botan | 1.9.7 |
| botan_project | botan | 1.9.8 |
| botan_project | botan | 1.9.9 |
| botan_project | botan | 1.9.10 |
| botan_project | botan | 1.9.11 |
| botan_project | botan | 1.9.12 |
| botan_project | botan | 1.9.13 |
| botan_project | botan | 1.9.14 |
| botan_project | botan | 1.9.15 |
| botan_project | botan | 1.9.16 |
| botan_project | botan | 1.9.17 |
| botan_project | botan | 1.9.18 |
| botan_project | botan | 1.10.0 |
| botan_project | botan | 1.10.1 |
| botan_project | botan | 1.10.2 |
| botan_project | botan | 1.10.3 |
| botan_project | botan | 1.10.4 |
| botan_project | botan | 1.10.5 |
| botan_project | botan | 1.10.6 |
| botan_project | botan | 1.10.7 |
| botan_project | botan | 1.10.8 |
| botan_project | botan | 1.10.9 |
| botan_project | botan | 1.10.10 |
| botan_project | botan | 1.10.11 |
| botan_project | botan | 1.10.12 |
| botan_project | botan | 1.10.13 |
| botan_project | botan | 1.10.14 |
| botan_project | botan | 1.10.15 |
| botan_project | botan | 1.11.0 |
| botan_project | botan | 1.11.1 |
| botan_project | botan | 1.11.2 |
| botan_project | botan | 1.11.3 |
| botan_project | botan | 1.11.4 |
| botan_project | botan | 1.11.5 |
| botan_project | botan | 1.11.6 |
| botan_project | botan | 1.11.7 |
| botan_project | botan | 1.11.8 |
| botan_project | botan | 1.11.9 |
| botan_project | botan | 1.11.10 |
| botan_project | botan | 1.11.11 |
| botan_project | botan | 1.11.12 |
| botan_project | botan | 1.11.13 |
| botan_project | botan | 1.11.14 |
| botan_project | botan | 1.11.15 |
| botan_project | botan | 1.11.16 |
| botan_project | botan | 1.11.17 |
| botan_project | botan | 1.11.18 |
| botan_project | botan | 1.11.19 |
| botan_project | botan | 1.11.20 |
| botan_project | botan | 1.11.21 |
| botan_project | botan | 1.11.23 |
| botan_project | botan | 1.11.24 |
| botan_project | botan | 1.11.25 |
| botan_project | botan | 1.11.26 |
| botan_project | botan | 1.11.27 |
| botan_project | botan | 1.11.28 |
| botan_project | botan | 1.11.29 |
| botan_project | botan | 1.11.30 |
| botan_project | botan | 1.11.31 |
| botan_project | botan | 1.11.32 |
| botan_project | botan | 1.11.33 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| botan1.10 |
| ||||||||||||||||||||||||||||||||||
| botan1.8 |
|
References